[PATCH 3/3] bhyve: implement domainAuthorizedSSHKeys{Get,Set} APIs

Sat, 06 Jun 2026 02:47:29 -0700 

Implement the domainAuthorizedSSHKeys{Get,Set} APIs using
the guest agent.

Signed-off-by: Roman Bogorodskiy <[email protected]>
---
 src/bhyve/bhyve_driver.c | 85 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 85 insertions(+)

diff --git a/src/bhyve/bhyve_driver.c b/src/bhyve/bhyve_driver.c
index d5f22b18bd..ed03c16ea8 100644
--- a/src/bhyve/bhyve_driver.c
+++ b/src/bhyve/bhyve_driver.c
@@ -2512,6 +2512,89 @@ bhyveDomainSetUserPassword(virDomainPtr domain,
     return ret;
 }
 
+static int
+bhyveDomainAuthorizedSSHKeysGet(virDomainPtr domain,
+                                const char *user,
+                                char ***keys,
+                                unsigned int flags)
+{
+    virDomainObj *vm = NULL;
+    qemuAgent *agent;
+    int rv = -1;
+
+    virCheckFlags(0, -1);
+
+    if (!(vm = bhyveDomObjFromDomain(domain)))
+        return -1;
+
+    if (virDomainAuthorizedSshKeysGetEnsureACL(domain->conn, vm->def) < 0)
+        goto cleanup;
+
+    if (virDomainObjBeginAgentJob(vm, VIR_AGENT_JOB_QUERY) < 0)
+        goto cleanup;
+
+    if (virDomainObjCheckActive(vm) < 0)
+        goto endjob;
+
+    if (bhyveDomainEnsureAgent(vm, true) < 0)
+        goto endjob;
+
+    agent = bhyveDomainObjEnterAgent(vm);
+    rv = qemuAgentSSHGetAuthorizedKeys(agent, user, keys);
+    bhyveDomainObjExitAgent(vm, agent);
+
+ endjob:
+    virDomainObjEndAgentJob(vm);
+ cleanup:
+    virDomainObjEndAPI(&vm);
+    return rv;
+}
+
+static int
+bhyveDomainAuthorizedSSHKeysSet(virDomainPtr domain,
+                                const char *user,
+                                const char **keys,
+                                unsigned int nkeys,
+                                unsigned int flags)
+{
+    virDomainObj *vm = NULL;
+    qemuAgent *agent;
+    const bool append = flags & VIR_DOMAIN_AUTHORIZED_SSH_KEYS_SET_APPEND;
+    const bool remove = flags & VIR_DOMAIN_AUTHORIZED_SSH_KEYS_SET_REMOVE;
+    int rv = -1;
+
+    virCheckFlags(VIR_DOMAIN_AUTHORIZED_SSH_KEYS_SET_APPEND |
+                  VIR_DOMAIN_AUTHORIZED_SSH_KEYS_SET_REMOVE, -1);
+
+    if (!(vm = bhyveDomObjFromDomain(domain)))
+        return -1;
+
+    if (virDomainAuthorizedSshKeysSetEnsureACL(domain->conn, vm->def) < 0)
+        goto cleanup;
+
+    if (virDomainObjBeginAgentJob(vm, VIR_AGENT_JOB_MODIFY) < 0)
+        goto cleanup;
+
+    if (virDomainObjCheckActive(vm) < 0)
+        goto endjob;
+
+    if (bhyveDomainEnsureAgent(vm, true) < 0)
+        goto endjob;
+
+    agent = bhyveDomainObjEnterAgent(vm);
+    if (remove)
+        rv = qemuAgentSSHRemoveAuthorizedKeys(agent, user, keys, nkeys);
+    else
+        rv = qemuAgentSSHAddAuthorizedKeys(agent, user, keys, nkeys, !append);
+    bhyveDomainObjExitAgent(vm, agent);
+
+ endjob:
+    virDomainObjEndAgentJob(vm);
+ cleanup:
+    virDomainObjEndAPI(&vm);
+    return rv;
+}
+
 static virHypervisorDriver bhyveHypervisorDriver = {
     .name = "bhyve",
     .connectURIProbe = bhyveConnectURIProbe,
@@ -2587,6 +2670,8 @@ static virHypervisorDriver bhyveHypervisorDriver = {
     .domainGetTime = bhyveDomainGetTime, /* 12.6.0 */
     .domainSetTime = bhyveDomainSetTime, /* 12.6.0 */
     .domainSetUserPassword = bhyveDomainSetUserPassword, /* 12.6.0 */
+    .domainAuthorizedSSHKeysGet = bhyveDomainAuthorizedSSHKeysGet, /* 12.6.0 */
+    .domainAuthorizedSSHKeysSet = bhyveDomainAuthorizedSSHKeysSet, /* 12.6.0 */
 };
 
 
-- 
2.52.0

Reply via email to